Florian Grehl

Create Virtual Machines in vSphere with Tanzu using kubectl

by Florian Grehl
April 6, 2021May 2, 2021

This article explains how you can create Virtual Machines in Kubernetes Namespaces in vSphere with Tanzu. The deployment of Virtual Machines in Kubernetes namespaces using kubectl was shown in demonstrations but is currently (as of vSphere 7.0 U2) not supported. Only with third-party integrations like TKG, it is possible to create Virtual Machines by leveraging the vmoperator.

With the kubernetes-admin, accessible from the SupervisorControlPlane VM, you can create Virtual Machines today.

Please keep in mind that this is not officially supported by VMware.

Deploy NSX-T Edge VM SSH Keys with Ansible

by Florian Grehl
March 21, 2021

While working with NSX-T, there are many reasons to access edge appliances using SSH. Most troubleshooting options are only available using nsxcli on the appliance itself. During the deployment, each appliance has 3 user account: root, admin, and audit. Alle Accounts are configured with password-based authentication. In a previous article, I've already described how to deploy SSH Keys using nsxcli, which allows a secure and comfortable authentication method. In this article, I'm explaining how to use ansible to deploy SSH public keys to NSX-T Edges. This option allows you to easily manage keys on a large platform.

VMware ESXi 7.0 Update 2 on Intel NUC

by Florian Grehl
March 14, 2021November 11, 2021
26 Comments

VMware vSphere ESXi 7.0 Update 2 has been released this week and before you start to deploy it to production, you want to evaluate it in your testing environment or homelab. If you have Intel NUCs you should always be very careful when updating to new ESXi releases as there might be issues. Please always keep in mind that this is not an officially supported platform.

Within the 7.0 releases, there are many issues with consumer network adapters, like the deprecation of VMKlinux drivers and thus the missing support for Realtek NICs, and the up and downs with the ne1000 driver.

To be on the safe side, I'm doing a quick checkup on which NUCs are safe to update and what considerations you have to take before installing the update. Also, I'm quickly explaining the options to workaround the crypto64.efi issue.

Error when connecting Virtual Machine to NSX-T Segments

by Florian Grehl
March 13, 2021

When you try to connect an NSX-T based Segment to a virtual machine, the task fails with the following error message:

Reconfigure virtual machine - An error occurred during host configuration

In the nsx logfile on the ESXi host where the VM is located, the following error is displayed:

/var/log/nsx-syslog.log
2021-03-13T19:00:36Z nsx-opsagent[527252]: NSX 527252 - [nsx@6876 comp="nsx-esx" subcomp="opsagent" s2comp="nsxa" tid="527596" level="ERROR" errorCode="MPA44211"] [PortOp] Failed to create port 780b915d-1479-4eed-8e29-2364d9563f95 with VIF f3f605f2-38a1-4263-bbbd-81b189077f69 because DVS id is not found by transport-zone id 1b3a2f36-bfd1-443e-a0f6-4de01abc963e
2021-03-13T19:00:36Z nsx-opsagent[527252]: NSX 527252 - [nsx@6876 comp="nsx-esx" subcomp="opsagent" s2comp="nsxa" tid="527596" level="ERROR" errorCode="MPA42001"] [CreateLocalDvPort] createPort(uuid=780b915d-1479-4eed-8e29-2364d9563f95, zone=1b3a2f36-bfd1-443e-a0f6-4de01abc963e) failed: Failed to create port 780b915d-1479-4eed-8e29-2364d9563f95 with VIF f3f605f2-38a1-4263-bbbd-81b189077f69 because DVS id is not found by transport-zone id 1b3a2f36-bfd1-443e-a0f6-4de01abc963e

Failed to load crypto64.efi - ESXi 7.0 U2 Upgrade Error

by Florian Grehl
March 12, 2021March 14, 2021

When you try to upgrade your ESXi host to the latest 7.0 U2 release using either the predefined update baselines or by using esxcli with the upgrade bundle, your ESXi host might fail to reboot with the following error message.

Loading /boot.cfg
Failed to load crypto64.efi
Fatal error: 15 (Not found)

The error can not be solved with the Shift+R method to restore the previous ESXi version. VMware is aware of the problem and has already removed the update bundle (VMware-ESXi-7.0U2-17630552-depot.zip) and Image Profile (ESXi-7.0.2-17630552-standard) from their repository. Currently, you only have two options to upgrade to ESXi 7.0 Update 2. If you already ran into the "Failed to load crypto64.efi" error, you have to take option 1, which will fix the error.

[Update 2021-03-13] - VMware has also disabled the image profile for 7.0.2. If you try an online update using ESXCLI or want to create a custom image using Imagebuilder, you get the following error:

[NoMatchError] No image profile found with name 'ESXi-7.0.2-17630552-standard' id = ESXi-7.0.2-17630552-standard Please refer to the log file for more details.

NSX-T Backup Monitoring

by Florian Grehl
March 11, 2021

When you've configured automated backups in NSX-T, you might be unaware that failed backup jobs do not trigger alarms in the integrated NSX-T alarm dashboard. When a backup fails, you can only see the following error message in the Backup & Restore configuration:

At the moment, you have to manually check that the backup is running as expected. This can also be done using the API:

How to Backup and Restore NSX-T

by Florian Grehl
February 28, 2021February 28, 2021
1 Comment

NSX-T is a critical infrastructure component and it is crucial to have a working backup and restore plan. With complex products, the backup and restore strategy gets more complicated. When working with Virtual Machines, the backup is usually done with VMware Snapshots, which is super convenient. Unfortunately, with the complexity of NSX-T which has many components like clustered Managers, Transport Nodes, and ESXi Kernel Modules, you can't use snapshots as a backup strategy.

This article provides an overview of how to backup NSX-T, and how the restore is done properly.

vSphere with Tanzu - SupervisorControlPlaneVM Excessive Disk WRITE IO

by Florian Grehl
February 23, 2021March 14, 2021
3 Comments

After deploying the latest version of VMware vSphere with Tanzu (vCenter Server 7.0 U1d / v1.18.2-vsc0.0.7-17449972), I noticed that the Virtual Machines running the Control Plane (SupervisorControlPlaneVM) had a constant disk write IO of 15 MB/s with over 3000 IOPS. This was something I didn't see in previous versions and as this is a completely new setup with no namespaces created yet, there must be an issue.

After troubleshooting the Supervisor Control Plane, it turned out that the problem was caused by fluent-bit, which is the Log processor used by Kubernetes. The log was constantly spammed with debugging messages. Reducing the log level solved the problem for me.

[Update: 2021-03-14 - The problem is not resolved in vSphere 7.0 Update 2]

ESXi on 11th Gen Intel NUC Pro (Tiger Canyon)

by Florian Grehl
February 5, 2021December 18, 2023
2 Comments

Intel's Tiger Lake-based 11th Gen "Tiger Canyon" NUC Professional series has been launched in Q1 of 2021. In a previous article, I made a quick comparison of the upcoming 11th Gen series NUCs. This article takes a deeper look at their capabilities to run VMware ESXi. VMware does not officially support NUCs but they are ubiquitous in many home labs or test environments. They are small, silent, transportable, and have very low power consumption, making them a great server for your home lab. The Tiger Canyon is available with i3, i5, and i7 CPUs. The i5 and i7 versions are also available with vPro Support.

NUC11TNKv7 / NUC11TNHv7 / NUC11TNHv70L (Intel Core i7-1185G7 vPro - 4 Core, up to 4.8 GHz)
NUC11TNKv5 / NUC11TNHv5 / NUC11TNHv50L (Intel Core i5-1145G7 vPro - 4 Core, up to 4.4 GHz)
NUC11TNKi7 / NUC11TNHi7 / NUC11TNHi70L (Intel Core i7-1165G7 - 4 Core, up to 4.7 GHz)
NUC11TNKi5 / NUC11TNHi5 / NUC11TNHi50L (Intel Core i5-1135G7 - 4 Core, up to 4.2 GHz)
NUC11TNKi3 / NUC11TNHi3 / NUC11TNHi30L (Intel Core i3-1115G4 - 2 Core, up to 4.1 GHz)

The Tiger Canyon is Intel's professional line in the 11th Generation. As we didn't have a vPro NUC in the 10th Generation and the 9th series was quite a different approach with a larger chassis, the Tiger Canyon is the actual successor to the 8th Gen Provo Canyon. This system is intended for professional use cases and has some great enhancements for your homelab running ESXi like the expansion bay which allows you to install a second network adapter.

ESXi on 11th Gen Intel NUC (Tiger Lake - Panther Canyon)

by Florian Grehl
January 28, 2021December 18, 2023

Intel's Tiger Lake-based 11th Gen Panther Canyon NUC series has been launched in Q1 of 2021. In a previous article, I made a quick comparison of the upcoming 11th Gen series NUCs. This article takes a deeper look at their capabilities to run VMware ESXi. VMware does not officially support NUCs but they are ubiquitous in many home labs or test environments. They are small, silent, transportable, and have very low power consumption, making them a great server for your home lab. The Panther Canyon is available with i3, i5, and i7 CPUs.

NUC11PAKi7/NUC11PAHi7 (Intel Core i7-1165G7 - 4 Core, up to 4.7 GHz)
NUC11PAKi5/NUC11PAHi5 (Intel Core i5-1135G7 - 4 Core, up to 4.2 GHz)
NUC11PAKi3/NUC11PAHi3 (Intel Core i3-1115G4 - 2 Core, up to 4.1 GHz)

The Panther Canyon is Intel's low-end line in the 11th Generation and the successor to the Frost Canyon. This system is intended to be your standard pc, home theater, or home office workstation. The newly introduced Q-chassis has a 15W wireless fast-charging lid that allows you to charge your smartphone. It is available with i3, i5, or i7 CPU. Like in previous NUC generations, the performance line can be equipped with a 2.5" SATA3 drive.

If you do not need a second 2.5Gbit Adapter or vPro features, this can be an inexpensive alternative to be used in a homelab or for running VMware ESXi.

« Previous
1
…
5
6
7
8
9
…
58
Next »